The correct answers are B and C. Juniper IDP uses attack objects as match conditions inside IDP policy rules. Juniper states that IDP attack objects represent known and unknown attacks and that the predefined attack object database is periodically updated by Juniper Networks. The main IDP attack object types include signature attack objects, protocol anomaly attack objects, and compound attack objects.
Option C is correct because signature attack objects detect known attacks using stateful attack signatures. Juniper defines a signature as a pattern that exists within a specific section of an attack and includes protocol, service, direction, flow, and context information to reduce false positives.
Option B is correct because protocol anomaly attack objects detect abnormal protocol behavior. Juniper explains that protocol anomaly objects identify unusual or ambiguous traffic that violates protocol specifications, RFCs, or common RFC extensions.
Option A is wrong because “statistic-based” is not one of the IDP attack object database types being tested here. Option D is wrong because “vector-based” is not a Juniper IDP attack object type. Reference topics: IDP, attack object database, signature-based attack objects, protocol anomaly attack objects, predefined attack objects.